Introduction

In my previous post I described how to set up an IPsec VPN for use with iPhone,
iPad and Mac OSX IPsec VPN clients.

This post describes how to enable split tunneling, which is supported by the
Mac OSX IPsec client. Although split tunneling is generally considered insecure,
there are cases where running a split tunnel is the right choice.

The scenario for this post is that you are connected to a LAN (10.128.0.0/24) with
internet access via a gateway on the LAN. You want to connect to a different
network, 192.168.1.0/24, which is only reachable via the VPN, but you want to retain
access to resources on the LAN while accessing the remote 192.168.1.0/24 network.

To follow this howto you need a strongSwan rpm built with the attr-sql plugin
and either the sqlite or the mysql backend plugin enabled.
The EPEL rpm does not support these features at the time of writing, so you need to build your own
custom strongSwan rpm. You can download my spec file and use it to build
the rpm yourself.

Installation

Install the rpm:

rpm -Uvh strongswan-5.0.0-5.el6.x86_64.rpm

Configuration

Use the following configuration files. If your installation is new, refer to
my previous post on how to create the certificates.

Create strongswan configuration

This strongSwan configuration allows you to use both certificates and pre-shared
keys.

Now when you connect, you will remain connected to your LAN as well as to the remote network 10.128.0.0/24.
If you run netstat -rn you will see the 10.128.0.0/24 network being routed via the tunnel interface.
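As an added example (not part of the original post), the following script automates the netstat -rn check for the scenario described above: it parses a client's routing table and confirms that the remote 192.168.1.0/24 network goes via the tunnel while the LAN 10.128.0.0/24 and the default route stay on the local interface. The netstat output embedded below is constructed, and the interface names en0 (LAN) and utun0 (tunnel) are assumptions; real output varies per machine.

```python
import ipaddress

# Constructed sample of `netstat -rn` output on a Mac OSX client after the VPN
# comes up. Interface names (en0 for the LAN, utun0 for the tunnel) and the
# gateway addresses are assumptions, not taken from the original post.
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.128.0.1         UGSc           12        0     en0
10.128/24          link#4             UCS             2        0     en0
10.128.0.1         0:11:22:33:44:55   UHLWIir        14      132     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              1        8     lo0
192.168.1/24       10.0.0.1           UGSc            0        0     utun0
"""


def expand_bsd_prefix(dest):
    """Expand BSD shorthand such as '10.128/24' or '127' into an ip_network.

    BSD netstat drops trailing zero octets ('10.128/24') and prints bare
    classful networks without a prefix length ('127' means 127.0.0.0/8).
    """
    if "/" in dest:
        addr, plen = dest.split("/", 1)
    else:
        addr, plen = dest, None
    octets = addr.split(".")
    if plen is None:
        # A bare partial address is a classful network; a full one is a host.
        plen = str(8 * len(octets)) if len(octets) < 4 else "32"
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=False)


def parse_routes(text):
    """Return a list of (network, gateway, interface) from netstat -rn text."""
    routes = []
    in_table = False
    for line in text.splitlines():
        cols = line.split()
        if cols and cols[0] == "Destination":
            in_table = True  # header row of the IPv4 table
            continue
        if not in_table or len(cols) < 6:
            continue
        dest, gateway, iface = cols[0], cols[1], cols[5]
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            try:
                net = expand_bsd_prefix(dest)
            except ValueError:
                continue  # IPv6 or non-IP entry; not relevant for this check
        routes.append((net, gateway, iface))
    return routes


def route_interface(routes, prefix):
    """Interface of the most specific route covering the whole given prefix."""
    target = ipaddress.ip_network(prefix)
    best = None
    for net, gateway, iface in routes:
        if target.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return best[2] if best else None


def check_split_tunnel(text, remote, lan, tunnel_if, lan_if):
    """Verify split tunneling: only the remote network should use the tunnel."""
    routes = parse_routes(text)
    return {
        "remote_via_tunnel": route_interface(routes, remote) == tunnel_if,
        "lan_stays_local": route_interface(routes, lan) == lan_if,
        "default_stays_local": route_interface(routes, "0.0.0.0/0") == lan_if,
    }


if __name__ == "__main__":
    result = check_split_tunnel(SAMPLE_NETSTAT, "192.168.1.0/24", "10.128.0.0/24",
                                "utun0", "en0")
    for name, ok in result.items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

To run it against a live client, replace SAMPLE_NETSTAT with the output of netstat -rn (for example via subprocess) and adjust the interface names. A full-tunnel configuration shows up as default_stays_local being False, which is the quickest way to tell that the split-tunnel attributes were not applied by the client.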